fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f | Triage

Analysis

max time kernel
2s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
12-11-2020 14:39

Sharing

Report Analysis Logs

General

Target

fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f.dll
Size

304KB
MD5

fc257dc14f4be29ccd62db4e785e350d
SHA1

fdbf4c032a9d95745de18f3b34c213f91a2db73c
SHA256

fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f
SHA512

1f687eaf6f506f14cc67f7de8e7dd7513e958c63936ec643ca5a454faca6e9f4e25a5351f0c6591b51faf08712b2af1af2925299581247148b429aba7ed3d98e

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

844 1816 WerFault.exe rundll32.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

WerFault.exe

pid process

844 WerFault.exe
844 WerFault.exe
844 WerFault.exe
844 WerFault.exe
844 WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 844 WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1816 wrote to memory of 844	1816	rundll32.exe	WerFault.exe
PID 1816 wrote to memory of 844	1816	rundll32.exe	WerFault.exe
PID 1816 wrote to memory of 844	1816	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fadb4aa2c48a407c9e482cdad076173f54676a6ae20928ea5f36305c75971f0f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1816

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1816 -s 56
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:844

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/844-0-0x0000000000000000-mapping.dmp

Download
memory/844-1-0x0000000001EE0000-0x0000000001EF1000-memory.dmp

Filesize
68KB

Download
memory/844-2-0x0000000002860000-0x0000000002871000-memory.dmp

Filesize
68KB

Download